ASA Load-balancing/Cluster and the VPNs

Unanswered Question

Hi all,

I read everything and it's opposite about ASA in cluster/load-balancing mode and how they handle SSL VPN, client IPSec VPN, Site-to-site VPN...

Someone can clarify to me the situation? Can we do Client SSL & IPSec VPN on a ASA cluster?

Site-to-site VPN can't participate to the load-balancing, how is handle the site-to-site VPN (only by the cluster master - in his real ip or can we use cluster IP anyway for site-to-site VPN?

In a ASA cluster, to do site-to-site VPN, can we use the real outside IP of the master?

Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nelson Rodrigues Wed, 12/09/2009 - 10:42
User Badges:
  • Cisco Employee,

Yes. ASA can load balance remote access VPN (IP

sec, Clientless VPN, and Client SSL VPN). Site-to-Site and L2TP/IPSec don't participate in LB algorithm.

You mus use the real IP of the the ASA for Site-to-Site and L2TP/IPsec sessions. It can be the real IP of the master ASA or any of the cluster.


This Discussion